I'm denying various countries and dodgy IP's in httpd.conf. I also run modsecurity and have a custom php script which returns a 403 under certain conditions.

This has worked well until yesterday when a site visitor says he's receiving a 403 on every page.

This is strange as his IP address (or cidr block) is not in the ban list. It's not a modsecurity block as this is not being logged. It's not the custom script as this is not being logged either.

All I'm seeing is the 403 in the error_log and access log:

123.456.123.45 - - [16/Mar/2007:20:38:15 +0000] "GET /articles/widgets.html HTTP/1.1" 403 305 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10" 0 widgets.com "-" "-"

That to me looks like a standard 403 issued by the denying in httpd.conf file but as I say, the IP or block is not in the ban list.

Is there any other condition where a 403 can be issued?

[edited by: Frank_Rizzo at 8:54 pm (utc) on Mar. 16, 2007]